On July 26, 2017, the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury assessed a civil monetary penalty of $110,003,314 against Canton Business Corporation (BTC-e), one of the largest virtual currency exchanges by volume in the world, and a $12,000,000 penalty against Alexander Vinnik, a Russian national who allegedly controlled, directed, and supervised BTC-e’s operations, finances, and accounts. On the same day, a 21-count criminal indictment against BTC-e and Mr. Vinnick was unsealed, and Mr. Vinnick was arrested in Greece.

This is the second supervisory action that FinCEN has taken against a virtual currency exchanger, and the first against a foreign entity operating as a money services business (MSB) with activities in the United States. FinCEN’s action also imposes the second highest civil monetary penalty assessed against an MSB to date. FinCEN has increasingly brought enforcement actions against MSBs and other non-traditional financial institutions, and similar actions seem likely in the future.

According to FinCEN, BTC-e lacked basic controls to prevent the use of its services for illicit purposes, and as a result, purportedly maintained a customer base of criminals who concealed and laundered proceeds from crimes such as ransomware, fraud, identity theft, tax refund fraud schemes, public corruption, and drug trafficking, none of which BTC-e reported to FinCEN and law enforcement as required.

Specifically, the penalty assessment concluded that BTC-e violated FinCEN’s regulations issued under the Bank Secrecy Act (BSA) applicable to financial institutions by willfully failing to:

  1. Register with FinCEN as an MSB
  2. Implement an effective anti-money laundering (AML) compliance program
  3. Detect suspicious transactions and file suspicious activity reports (SARs)
  4. Obtain and retain records relating to transmittals of funds in amounts of $3,000 or more

FinCEN further determined that Mr. Vinnik willfully participated in these BSA violations.

Read the full advisory here. Further commentary is also available on the Steptoe International Compliance Blog.